db-derby-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Rick Hillegas (JIRA)" <j...@apache.org>
Subject [jira] Commented: (DERBY-4978) Document the new SQLPermission required by the JDBC 4.1 Connection.abort(Executor) method
Date Tue, 25 Jan 2011 20:51:45 GMT

    [ https://issues.apache.org/jira/browse/DERBY-4978?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12986680#action_12986680

Rick Hillegas commented on DERBY-4978:

Thanks, Kim. These changes look good. I have a couple comments:


I think that the reader might be confused about whether this permission should be granted
to the derby jars or to application code. It's certainly a point which confused me for a while.
The permission needs to be granted to both--but the user just needs to be careful to not blanket-grant
it to all application code.


I would make the same points about what code gets this permission. In addition, I would recommend
adding a little more explanation of what this method does. Something like this:

"The abort(Executor) method aborts a running connection. Outstanding transactional work is
rolled back and the physical connection to the database is destroyed. When running under a
Java SecurityManager, this method can be called only if SQLPermission( "callAbort" ) has been
granted both to the Derby JDBC driver (in derby.jar and derbyclient.jar) and to the user code
which calls Connection.abort(). For security reasons, permission to execute this method should
not be granted lightly. Do not grant this permission to application code unless you are certain
it can only be invoked by superusers. For more information, see "Granting permissions to Derby"
in Derby Developer's Guide."

> Document the new SQLPermission required by the JDBC 4.1 Connection.abort(Executor) method
> -----------------------------------------------------------------------------------------
>                 Key: DERBY-4978
>                 URL: https://issues.apache.org/jira/browse/DERBY-4978
>             Project: Derby
>          Issue Type: Task
>          Components: Documentation, JDBC
>    Affects Versions:
>            Reporter: Rick Hillegas
>            Assignee: Kim Haase
>         Attachments: DERBY-4978.diff, DERBY-4978.stat, DERBY-4978.zip
> We need to add material to the Reference and Developer's Guides as described in the 2011-01-14
comment on DERBY-4869.

This message is automatically generated by JIRA.
You can reply to this email to add a comment to the issue online.

View raw message